aptos-gf3-society

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's "hierarchical lazy loading" explicitly places 11–17 char tiles off-chain on public Arweave/IPFS (and describes loading proofs from those roots), so the agent would retrieve and interpret public, user-hosted content from Arweave/IPFS at runtime, exposing it to untrusted third-party content and potential indirect prompt injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly about on-chain asset management and staking using Aptos Move modules (e.g., "pyusd_staking", "fungible_asset", "coin", staking pool struct and stake-management invariants). It includes code-level smart contract definitions that manipulate stakes and fungible assets, references PyUSD (a crypto token), and provides commands to compile and publish Move contracts to a network ("aptos move publish --profile testnet"). These are specific crypto/blockchain financial operations (managing tokens/stakes and deploying contracts that can move or control funds), not generic tooling. Therefore it grants direct financial execution capability.